|
265631
|
5.5 |
MEDIUM
Local
|
uclouvain
fedoraproject
|
openjpeg
fedora
|
Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c in OpenJPEG before 2.1.1 allows remote attackers to cause a denial of service (crash) via a crafted .j2k file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4796
|
2024-11-21 11:52 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265632
|
5.5 |
MEDIUM
Local
|
mini-xml_project
debian
|
mini-xml
debian_linux
|
The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-4571
|
2024-11-21 11:52 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265633
|
5.5 |
MEDIUM
Local
|
mini-xml_project
debian
|
mini-xml
debian_linux
|
The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly earlier allows remote attackers to cause a denial of service (stack consumption) via crafted xml file.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2016-4570
|
2024-11-21 11:52 |
2017-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265634
|
7.5 |
HIGH
Network
|
cakephp
|
cakephp
|
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
|
CWE-20
Improper Input Validation
|
CVE-2016-4793
|
2024-11-21 11:52 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265635
|
6.8 |
MEDIUM
Physics
|
cryptsetup_project
|
cryptsetup
|
The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.
|
CWE-287
Improper Authentication
|
CVE-2016-4484
|
2024-11-21 11:52 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265636
|
6.1 |
MEDIUM
Network
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in Roundcube Webmail before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the href attribute in an area tag in an e-mail message.
|
CWE-79
Cross-site Scripting
|
CVE-2016-4552
|
2024-11-21 11:52 |
2016-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265637
|
5.5 |
MEDIUM
Local
|
redhat
|
enterprise_virtualization
|
Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local users to obtain encryption keys, certificates, and other sensitive information by reading the engine-setup log file.
|
CWE-532
Inclusion of Sensitive Information in Log Files
|
CVE-2016-4443
|
2024-11-21 11:52 |
2016-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265638
|
4.4 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
An issue was discovered in phpMyAdmin. A user can be tricked into following a link leading to phpMyAdmin, which after authentication redirects to another malicious site. The attacker must sniff the u…
|
CWE-254
7PK - Security Features
|
CVE-2016-4412
|
2024-11-21 11:52 |
2016-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265639
|
7.5 |
HIGH
Network
|
hp
|
system_management_homepage
|
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4396
|
2024-11-21 11:52 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
265640
|
7.5 |
HIGH
Network
|
hp
|
system_management_homepage
|
HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2016-4395
|
2024-11-21 11:52 |
2016-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
